Stay Smart Online (SSO) has issued an urgent warning to Google Chrome users who save their passwords to their browser. Passwords are not secured properly – allowing other users to be able to view all saved passwords! We look at the vulnerabilities for this method on any browser, and look at what other methods of password retrieval computer users can to adopt to protect their important personal information and ultimately – their credit file.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

Chrome will typically prompt you to save your password for a site that you visit, and remember this for future logins. While other browsers offer the option of a “master password” that can be activated to protect your passwords, Chrome does not.

On any Google Chrome browser, you can type chrome://settings/passwords into the URL bar. This will display a page listing all of the passwords held by that browser—for all users of that computer.

This is particularly concerning for shared computers. You should never save your passwords when using shared computers, such as public computers at a library or airport.

Do not rely on your browser to safely store passwords for you if someone else has physical access to that machine.

Only allow people you trust to access to your computer, especially if that computer contains confidential information.

Online expert Daniel Smith says saving passwords on your browser is something you should never do.

“It may be a convenient way to store the many passwords you might have for different accounts, but if it’s convenient for you, it can be convenient for anyone looking to steal them as well,” he says.

Daniel recommends people wanting to remember difficult passwords should use a secure and trusted third-party tool to protect and manage their passwords rather than save them to their browser.

“Sites such as Passpack.com or Lastpass could be good secure options for password management. One thing to note is that passpack has never been hacked. Another thing to note is that all browsers not just chrome do this,” Daniel says.

Daniel’s Key Tips To Protect Your Password

1. Use secure passwords. Come up with a unique password scheme – for example every 3rd vowel is a number or symbol. Or you could use two unrelated words which are memorable to you, and use tools like the Shift key to create a password that can’t be easily deciphered.

2. Use a different password for each account. It may be harder to remember, but it may just take a little bit of work to make your passwords unique and also easy to remember.

3. Use a unique username – not the default setting. Don’t use ‘admin’ as a username. You should use a username with at least 8 characters and include characters you have to press Shift for.

4. Minimise password login attempts. For sites you have control over access to – restrict the number of attempts allowed to access the site, before the user is ‘locked out’, which prevents multiple attempts to crack the password.

5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. These are harder to infiltrate by hackers, but Daniel says many don’t use them because they are inconvenient.

6. Never store passwords in your browser. Take time to make passwords unique yet easy to remember or use a secure third-party password manager if necessary.

Personal Information Security and Your Credit File

Stealing passwords or personal information through these channels can lead to identity theft and potentially fraud. Hackers can on-sell your personal information to fraudsters who have identity theft as part of their repertoire.

Information like passwords, dates of birth, account numbers, full names etc can be warehoused and used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.

Fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.

For between 5 and 7 years you can be locked out of credit while your credit rating shows up someone else’s defaults.

Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place. Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.

Prevention really is key to protecting your credit file from this fraud – so spend some time and make sure your passwords are as secure as possible as a first line of defence against identity theft.

In one week, the Notifiable Data Breaches (NDB) scheme comes into force. The scheme mandates that Australian Government agencies and businesses with obligations under the Privacy Act 1988 (Privacy Act) must notify you if you are likely to be at risk of serious harm because of a data breach.

From 22 February 2018, the Notifiable Data Breaches scheme (NDB scheme) will require a wide range of organisations to report data breaches that are ‘likely to result in serious harm’ to the individuals whose personal information is affected by the breach. They will also be required to notify the OAIC.

The Australian Information Commissioner has released a direction regarding certain procedures to be followed during an Information Commissioner review (IC review) which takes effect from 26 February 2018.

Individuals who were in immigration detention on 31 January 2014, and were affected by the Department of Immigration and Border Protection’s February 2014 data breach, now have an opportunity to provide information about any loss or damage suffered as a result of the breach.

Private sector health service providers will be required to notify affected individuals and the Australian Information Commissioner of data breaches that are likely to cause serious harm under the Notifiable Data Breaches (NDB) scheme.